(solved) Need help to set up multiple VLANs on an RT-AC3100


thesweetiger

New Around Here
I need to set up a few VLANs on my AC3100.
I have done this perfectly in the past on a Netgear WNDR4000 with DD-WRT; I just like the Asus web GUI interface, which gives more detail.

So I'm looking to configure 5 VLANs (excluding vlan2, which is used for the WAN connection):
1: my personal network
3: parent network
4: guest network
5: retro network (I want to use the Wi-Fi and the LAN for some old-school devices)
6: kid
Each has its own IP range.

Port 1 and 2 -> vlan 1
port 3 -> vlan 1,5,6 (an ubuntu server with tagged port support)
port 4 -> vlan 1,3,4,5,6 (a netgear managed switch already set and work fully with my previous router)

I also have to set up 4 wireless access points (on both 2.4 and 5) later; for now I am only trying to get the VLANs operational.

Actually
-My vlan1 gives an IP to everyone on vlan1, including on my Netgear switch ports assigned to vlan1

-other vlan have no ip

-vlan3 on port 2 can't communicate with vlan3 on the netgear switch if ip is set manually on both computer

-vlan1 on port 1 and the assigned ports for this VLAN on my Netgear switch work fine and can communicate perfectly

So actually only the vlan1 work perfectly

Thanks for your help
So this is my actual config and return
(note: i tested port 8 and 5)
(note1: for test only the port 2 is assigned to vlan3)
/jffs/scripts/services-start
Code:
#!/bin/sh

##Config Vlan ##
robocfg vlan 1 ports "0 2t 3t 5 7 8t"
robocfg vlan 3 ports "1 2t 3t 8t"
robocfg vlan 4 ports "2t 3t 8t"
robocfg vlan 5 ports "2t 3t 8t"
robocfg vlan 6 ports "2t 3t 8t"

vconfig add eth0 3
vconfig add eth0 4
vconfig add eth0 5
vconfig add eth0 6

## Activation Vlan ##
ifconfig vlan3 up
ifconfig vlan4 up
ifconfig vlan5 up
ifconfig vlan6 up

##bridge config mom ##
brctl addbr br1
brctl stp br1 on
brctl addif br1 vlan3
ifconfig br1 192.168.2.1 netmask 255.255.255.0
ifconfig br1 up

##bridge config public ##
brctl addbr br2
brctl stp br2 on
brctl addif br2 vlan4
ifconfig br2 192.168.3.1 netmask 255.255.255.0
ifconfig br2 up

##bridge config retro ##
brctl addbr br3
brctl stp br3 on
brctl addif br3 vlan5
ifconfig br3 192.168.4.1 netmask 255.255.255.0

##bridge config kid ##
brctl addbr br4
brctl stp br4 on
brctl addif br4 vlan6
ifconfig br4 192.168.5.1 netmask 255.255.255.0
ifconfig br4 up

## set in nvram ##
nvram set vlan1ports="0 2t 3t 5 7 8t"

nvram set vlan3ports="1 2t 3t 8t"
nvram set lan1_ifnames="vlan3"
nvram set lan1_ifname="br1"
nvram set vlan3hwname=et2

nvram set vlan4ports="2t 3t 8t"
nvram set lan2_ifnames="vlan4"
nvram set lan2_ifname="br2"
nvram set vlan4hwname=et2

nvram set vlan5ports="2t 3t 8t"
nvram set lan3_ifnames="vlan5"
nvram set lan3_ifname="br3"
nvram set vlan5hwname=et2

nvram set vlan6ports="2t 3t 8t"
nvram set lan4_ifnames="vlan6"
nvram set lan4_ifname="br4"
nvram set vlan6hwname=et2

nvram commit
killall eapd
eapd

/jffs/configs/dnsmasq.conf.add

Code:
#assign ip to bridge


interface=br1
dhcp-range=tag:br1,192.168.2.100,192.168.2.150,255.255.255.0,1440m
dhcp-option=tag:br1,3,192.168.2.1

interface=br2
dhcp-range=tag:br2,192.168.3.100,192.168.3.150,255.255.255.0,1440m
dhcp-option=tag:br2,3,192.168.3.1

interface=br3
dhcp-range=tag:br3,192.168.4.100,192.168.4.150,255.255.255.0,1440m
dhcp-option=tag:br3,3,192.168.4.1

interface=br4
dhcp-range=tag:br4,192.168.5.100,192.168.5.150,255.255.255.0,1440m
dhcp-option=tag:br4,3,192.168.5.1
 

thesweetiger

New Around Here
The return

Code:
[email protected]:/tmp/home/root# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.1831bf945e38       yes             vlan1
br1             8000.1831bf945e38       yes             vlan3
br2             8000.1831bf945e38       yes             vlan4
br3             8000.1831bf945e38       yes             vlan5
br4             8000.1831bf945e38       yes             vlan6

Code:
Switch: enabled
Port 0: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 1c:1b:0d:9a:1a:c1
Port 1:   DOWN enabled stp: none vlan: 3 jumbo: off mac: 1c:1b:0d:9a:1a:c1
Port 2:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 3:   DOWN enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 4: 1000FD enabled stp: none vlan: 2 jumbo: off mac: 00:17:10:97:ff:14
Port 5: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 7: 1000FD enabled stp: none vlan: 1 jumbo: off mac: 00:00:00:00:00:00
Port 8: 1000FD enabled stp: none vlan: 2 jumbo: off mac: 18:31:bf:94:5e:38
VLANs: BCM5301x enabled mac_check mac_hash
   1: vlan1: 0 2t 3t 5t 7 8t
   2: vlan2: 4 8u
   3: vlan3: 1 2t 3t 8t
   4: vlan4: 2t 3t 8t
   5: vlan5: 2t 3t 8t
   6: vlan6: 2t 3t 8t
Code:
[email protected]:/tmp/home/root# ifconfig
br0       Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:21686 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13698 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3521128 (3.3 MiB)  TX bytes:2748884 (2.6 MiB)

br1       Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:3248 (3.1 KiB)

br2       Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          inet addr:192.168.3.1  Bcast:192.168.3.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:3248 (3.1 KiB)

br3       Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          inet addr:192.168.4.1  Bcast:192.168.4.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:3322 (3.2 KiB)

br4       Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          inet addr:192.168.5.1  Bcast:192.168.5.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:23 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:3248 (3.1 KiB)

eth0      Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          inet addr:XXX.XXX.XXX.XXX Bcast:XXX.XXX.XXX.XXX  Mask:XXX.XXX.XXX.XXX
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:415751 errors:0 dropped:0 overruns:0 frame:0
          TX packets:418523 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:228253545 (217.6 MiB)  TX bytes:227638849 (217.0 MiB)
          Interrupt:181 Base address:0x6000

eth1      Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18259 errors:0 dropped:2 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:2932324 (2.7 MiB)

eth2      Link encap:Ethernet  HWaddr 18:31:BF:94:5E:3C
          UP BROADCAST RUNNING ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9548 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:2296403 (2.1 MiB)

fwd0      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:19760 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:19268 (18.8 KiB)  TX bytes:0 (0.0 B)
          Interrupt:179 Base address:0x4000

fwd1      Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:10342 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:11646 (11.3 KiB)  TX bytes:0 (0.0 B)
          Interrupt:180 Base address:0x5000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING MULTICAST  MTU:16436  Metric:1
          RX packets:3501 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3501 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:713090 (696.3 KiB)  TX bytes:713090 (696.3 KiB)

vlan1     Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          UP BROADCAST RUNNING PROMISC ALLMULTI MULTICAST  MTU:1500  Metric:1
          RX packets:257388 errors:0 dropped:0 overruns:0 frame:0
          TX packets:167371 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:33794041 (32.2 MiB)  TX bytes:194183363 (185.1 MiB)

vlan2     Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

vlan3     Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2055 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:115080 (112.3 KiB)

vlan4     Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2055 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:115080 (112.3 KiB)

vlan5     Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2055 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:115080 (112.3 KiB)

vlan6     Link encap:Ethernet  HWaddr 18:31:BF:94:5E:38
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2055 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:115080 (112.3 KiB)


Code:
[email protected]:/tmp/home/root# nvram show |grep vlan
vlan6ports=2t 3t 5t
vlan3hwname=et2
br0_ifnames=vlan1
vlan4ports=2t 3t 5t
vlan_pvid_list=
vlan2ports=4 8u
lan2_ifnames=vlan4
vlan6hwname=et2
gvlan_rulelist=
wl0_vlan_prio_mode=off
vlan2hwname=et2
size: 62696 bytes (68376 left)
lan3_ifnames=vlan5
vlan5hwname=et2
wl_vlan_prio_mode=off
lan_ifnames=vlan1 eth1 eth2
vlan5ports=2t 3t 5t
vlan_enable=0
vlan3ports=1 2t 3t 5t
vlan1hwname=et2
vlan1ports=0 2t 3t 5t 7 8t
lan4_ifnames=vlan6
vlan4hwname=et2
landevs=vlan1 wl0 wl1
lan1_ifnames=vlan3
wl1_vlan_prio_mode=off
vlan_rulelist=
 

thesweetiger

New Around Here
OK, finally I found the issue. Thanks, Windows XP and your firewall!
Short story: ESET blocks ping requests, and on the other side an old laptop with XP also denies ping requests.

I was able to build the entire setup and set all the rules without issue.

The iptables explanation from DD-WRT for doing the VLANs is also a good source of information, since this point is identical for the firewall settings.

If you need help, I will find some time to help.
 

Raymond74

Occasional Visitor
I am looking for something like this as well (more wifi oriented) and with iptables. Could you assist ?
 

thesweetiger

New Around Here
Yes
if you want the same ip range you can just set
It depends on what you want to do.

To link a VAP to a VLAN, I did that with brctl
and I set the ifname and ifnames in the nvram.

So if you want some help, the first step is to describe what you want to do, what you have already done and which router model you have.

A description like:

how many VLANs you want
whether you want multiple VLANs to go to one managed switch/router
which ones need to be isolated
whether some devices need to be able to talk with a device on another VLAN, like a printer and NAS

I have an Asus RT-AC3100 router and a Netgear FSM726S managed switch
I need 5 VLANs
vlan 1 - needs to be isolated and have a separate secured Wi-Fi and port 1 and 2 and a managed switch on port 4
vlan 2 - needs to be isolated, with an open Wi-Fi, and also goes to a managed switch on port 4
vlan 3 - needs to be isolated with secured Wi-Fi
vlan 4 - needs only access to port 4 on a managed switch, no internet access
vlan 5 - needs only access to port 4 and Wi-Fi with no internet access


Also, preferably in a new thread.
 

Raymond74

Occasional Visitor
I want to unlink wl0.1 from br0 and put it on br1 with its own DHCP server (running on the ASUS).

This is my /jffs/config/dnsmasq.conf:

Code:
#!/bin/ash
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
rm /tmp/000services-start

#robocfg vlan 1 ports "0t 1 5t"
robocfg vlan 9 ports "0t 5t 7t"

vconfig add eth0 9
ifconfig vlan9 up

ifconfig br1 down
brctl delbr br1
brctl addbr br1

brctl delif br0 wl0.1
brctl delif br0 wl1.1

brctl addif br1 wl0.1
brctl addif br1 wl1.1
brctl addif br1 vlan9


ifconfig br1 192.168.254.1 netmask 255.255.255.0
ifconfig br1 up


nvram set lan1_ifnames="vlan9 wl0.1 wl1.1"
nvram set lan1_ifname="br1"

nvram commit

killall eapd
eapd

touch /tmp/000services-start
And this one in services-start
Code:
#!/bin/ash
PATH="/sbin:/usr/sbin:/bin:/usr/bin:${PATH}"
rm /tmp/000services-start

#robocfg vlan 1 ports "0t 1 5t"
robocfg vlan 9 ports "0t 5t 7t"

vconfig add eth0 9
ifconfig vlan9 up

ifconfig br1 down
brctl delbr br1
brctl addbr br1

brctl delif br0 wl0.1
brctl delif br0 wl1.1

brctl addif br1 wl0.1
brctl addif br1 wl1.1
brctl addif br1 vlan9


ifconfig br1 192.168.254.1 netmask 255.255.255.0
ifconfig br1 up


nvram set lan1_ifnames="vlan9 wl0.1 wl1.1"
nvram set lan1_ifname="br1"

nvram commit

killall eapd
eapd

touch /tmp/000services-start
 

thesweetiger

New Around Here
First, the config file is only for configuration and not for scripts, so your dnsmasq is totally wrong.
This is what goes in your dnsmasq.conf.add, and not dnsmasq.conf:
Code:
interface=br1
dhcp-range=tag:br1,192.168.2.100,192.168.2.150,255.255.255.0,1440m
dhcp-option=tag:br1,3,192.168.2.1
Now your services-start needs to be like this:
Code:
#!/bin/ash
##set the internal switch##
robocfg vlan 1 ports "0t 1 5t"
robocfg vlan 9 ports "0t 5t 7t"

##set the vlan inside the os##
vconfig add eth0 9
ifconfig vlan9 up

##create and add wl0.1 and wl1.1 in br1##
brctl addbr br1
brctl delif br0 wl0.1
brctl delif br0 wl1.1

brctl addif br1 wl0.1
brctl addif br1 wl1.1
brctl addif br1 vlan9

##enable bridge 1##
ifconfig br1 192.168.254.1 netmask 255.255.255.0
ifconfig br1 up

##set nvram value for lan1 and remove wl0.1 and wl1.1 from lan0##
nvram set lan_ifnames="vlan1 eth1 eth2"
nvram set br0_ifnames="vlan1 eth1 eth2"
nvram set lan1_ifnames="vlan9 wl0.1 wl1.1"
nvram set lan1_ifname="br1"
nvram set vlan9hwname=et2
nvram set vlan0ports="0t 1 5t"
nvram set vlan9ports="0t 5t 7t"

##apply setting and reboot eapd##
nvram commit
killall eapd
eapd
Before applying these settings, please check your values for "lan_ifnames" and "br0_ifnames" and just remove wl0.1 and wl1.1 from them.

For "vlan0ports", if you have ports like 5 7 8, keep them and don't remove them,
and for "vlan9hwname", check "vlan1hwname" and set the same value.

The problem now is that you have no firewall rules for your vlan9, so for now this VLAN is denied from communicating with the router.
Now you need to set the iptables rules.
Here is a script to put in "firewall-start":

Code:
#!/bin/sh

## allow new connections coming from br1 ##
## (each -I inserts at the top of the chain, so the DROP rules added below are checked before this ACCEPT) ##
iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT

## deny br0 to request anything on br1 ##
iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP

## deny br1 to request anything on br0 ##
iptables -I FORWARD -i br1 -o br0 -m state --state NEW -j DROP

## deny br1 access to the router interface ##
iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset
This is how mine looks. I put in some comments for you; if you want, you can remove some lines if you don't need them.
Let me know how it works ;)
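
The rule pattern from the post above, extended to several isolated bridges, as an added example that is not part of the original thread: it prints (does not run) the iptables commands and then works out which rule a NEW forwarded packet hits, which shows why the DROP rules win even though the ACCEPT is written first. The bridge names br0 to br4 follow the first post; `eth0` as the WAN-side interface and the helper names `gen_rules` and `verdict` are assumptions made for this example.

```shell
#!/bin/sh
# Added example: prints firewall-start rules, it does not run iptables.
# Assumed layout: br0 = main LAN, br1..br4 = the VLAN bridges of the first post.
MGMT_PORTS="telnet ssh www https"   # service names as written in the answer

# usage: gen_rules TRUSTED_BRIDGE ISOLATED_BRIDGE...
gen_rules() {
    trusted=$1; shift
    all="$trusted $*"
    # 1) Let each isolated bridge open new connections (e.g. to the WAN).
    for br in "$@"; do
        echo "iptables -I FORWARD -i $br -m state --state NEW -j ACCEPT"
    done
    # 2) Drop new connections between every pair of different bridges.
    for src in $all; do
        for dst in $all; do
            [ "$src" = "$dst" ] && continue
            echo "iptables -I FORWARD -i $src -o $dst -m state --state NEW -j DROP"
        done
    done
    # 3) Keep isolated bridges off the router's management services.
    for br in "$@"; do
        for port in $MGMT_PORTS; do
            echo "iptables -I INPUT -i $br -p tcp --dport $port -j REJECT --reject-with tcp-reset"
        done
    done
}

# usage: gen_rules ... | verdict IN_IF OUT_IF
# "-I" without a rule number inserts at the top of the chain, so the rule
# printed last is checked first: a later matching line overrides an earlier one.
verdict() {
    in_if=$1; out_if=$2; result="(falls through)"
    while read -r cmd flag chain rest; do
        [ "$chain" = FORWARD ] || continue
        set -- $rest
        ri=""; ro=""; target=""
        while [ $# -gt 0 ]; do
            case $1 in
                -i) ri=$2; shift ;;
                -o) ro=$2; shift ;;
                -j) target=$2; shift ;;
            esac
            shift
        done
        [ -z "$ri" ] || [ "$ri" = "$in_if" ] || continue
        [ -z "$ro" ] || [ "$ro" = "$out_if" ] || continue
        result=$target
    done
    echo "$result"
}

# Demo with the five bridges of the first post (eth0 as WAN side is assumed).
rules=$(gen_rules br0 br1 br2 br3 br4)
echo "br3 -> br0 : $(printf '%s\n' "$rules" | verdict br3 br0)"
echo "br3 -> WAN : $(printf '%s\n' "$rules" | verdict br3 eth0)"
```

"(falls through)" means none of the generated rules matched, so the packet is handled by whatever rules the firmware already has in the chain.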
 

Raymond74

Occasional Visitor
Thanks for your lengthy reply. Let me see if it works... can I PM you ?
 
